Document use of literal_eval for Python API

79324466 · Kamil Kisiel · Kohsuke Kawaguchi · b8eb5137 · 79324466
隐藏空白更改
内联并排

Showing with 11 addition and 5 deletion

core/src/main/resources/hudson/model/Api/index.jelly core/src/main/resources/hudson/model/Api/index.jelly +11 -5

未找到文件。
--- a/core/src/main/resources/hudson/model/Api/index.jelly
+++ b/core/src/main/resources/hudson/model/Api/index.jelly
@@ -66,12 +66,18 @@ THE SOFTWARE.

        <dt><a href="python">Python API</a></dt>
        <dd>
-          Access the same data as Python for Python clients. This can be parsed into Python
-          object as <tt>eval(urllib.urlopen("...").read())</tt> and the resulting object
-          tree is identical to that of JSON.
+         <p>
+           Access the same data as Python for Python clients. This can be parsed into Python
+           object as <tt>eval(urllib.urlopen("...").read())</tt> and the resulting object
+           tree is identical to that of JSON.

-          However, when you do this, beware of the security implication. If you are connecting
-          to a non-trusted Jenkins, the server can send you malicious Python programs. 
+           However, when you do this, beware of the security implication. If you are connecting
+           to a non-trusted Jenkins, the server can send you malicious Python programs. 
+         </p>
+         <p>
+           In Python 2.6 or later you can safely parse this output using 
+           <tt>ast.literal_eval(urllib.urlopen("...").read())</tt>
+         </p>
        </dd>
      </dl>